Breaking Compliance News Blog

*Breaking News* Hacked Anthem data was not encrypted

Posted by Margaret Scavotto, JD, CHC on 2/6/15 2:44 PM

Find me on:

You have probably heard by now that Anthem announced the largest health care cyber attack to date. A database containing names, social security numbers, addresses, dates of birth, and employment and income information for 80 million individuals was hacked.

Today the Wall Street Journal reported that the compromised data was not encrypted

Do we need to encrypt?

Maybe. The Anthem attack has a lot of covered entities asking whether they need to encrypt their data. Here is what the Office of Civil Rights (OCR) has to say.

While encryption is not mandated, HIPAA does require covered entities to assess whether encryption is a reasonable and appropriate safeguard for their organization. Has your company made this determination? Are you confident that you could defend your position in the media, if faced with a breach?

For more information on encryption, check out the OCR website.

HIPAA on a budget:  Get HIPAA compliant with MPA's  HIPAA Tool Kit

 

Topics: HIPAA

    Privacy Policy           Terms of Use